
Very funny, Polyanna :-( [namespace pollution]



>What I'm worried about is
>some comedian publishing a public key for addresses like
>"[email protected]" or any of the common mailing
>gateways, and suddenly people using auto-encrypting mail programs
>find that no-one can read their posts.

Presence on a keyring means that a key exists, not that the owner of a
key has a policy that it should always be used, or that it should be
used by everybody.  Both PGP and PEM get this completely wrong.  Not
every key will be used for every purpose.  Mere existence of a key
should not indicate permission to encrypt with it.

No current cryptosystem has a way of specifying policy in a public key
distribution system.  I want separate keys for separate machines,
separate keys for signing and for secrecy, separate keys for
contracting and for authentication.  The current systems don't support
this, and will, I suspect, not support this any time soon.  In the
meanwhile such policies will have to be created manually, even if
their operation is transparent.

>Whatever solution we can find will have to involve active support
>from the keyservers I suspect.  

The key servers are just serving data.  To add policy criteria to the
key servers is to extend their functionality beyond their original
intent.

Eric
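
The manually created policy the message calls for, placed in front of an auto-encrypting mailer, as an added example that is not part of the original message and is not PGP or PEM behaviour. The policy fields, addresses and key ids are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class KeyPolicy:
    """Manually recorded, owner-stated policy for one key (hypothetical format)."""
    purposes: frozenset                 # e.g. {"secrecy"} or {"signing"}
    auto_encrypt: bool = False          # may a mailer encrypt without asking?
    senders: frozenset = frozenset()    # empty set means any sender

@dataclass(frozen=True)
class KeyEntry:
    address: str
    key_id: str
    policy: Optional[KeyPolicy] = None  # None: the key merely exists

def select_encryption_key(keyring, recipient, sender):
    """Return (key_id, reason); key_id is None when the mailer must not
    encrypt automatically."""
    candidates = [k for k in keyring if k.address == recipient.lower()]
    if not candidates:
        return None, "no key on keyring"
    for key in candidates:
        p = key.policy
        if p is None or "secrecy" not in p.purposes:
            continue                    # existence alone grants nothing
        if not p.auto_encrypt:
            continue
        if p.senders and sender.lower() not in p.senders:
            continue
        return key.key_id, "policy permits automatic encryption"
    return None, "key present, but no policy permits automatic encryption"

# Constructed sample keyring; addresses and key ids are made up.
KEYRING = [
    # Key published by a third party for a list gateway: no policy recorded.
    KeyEntry("list@gateway.example", "KEY-PRANK"),
    # One owner, separate keys for signing and for secrecy.
    KeyEntry("alice@host.example", "KEY-A-SIGN", KeyPolicy(frozenset({"signing"}))),
    KeyEntry("alice@host.example", "KEY-A-SECR",
             KeyPolicy(frozenset({"secrecy"}), auto_encrypt=True)),
    # Secrecy key its owner wants used only by one named correspondent.
    KeyEntry("bob@host.example", "KEY-B-SECR",
             KeyPolicy(frozenset({"secrecy"}), auto_encrypt=True,
                       senders=frozenset({"carol@host.example"}))),
]

if __name__ == "__main__":
    for rcpt in ("list@gateway.example", "alice@host.example", "bob@host.example"):
        print(rcpt, select_encryption_key(KEYRING, rcpt, "dave@host.example"))
```

With this gate, a key planted for a gateway address leaves list mail unencrypted, because no policy was ever recorded for it.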